YouPorn debug file exposure hits a million users

The personal data of more than a million pornography connoisseurs has been exposed, after a pornographic chat site was found to be storing email addresses and passwords on a public-facing server.

The breach was found at the YouPorn Chat (YP Chat) site, a third-party service that is separate from YouPorn itself, but that was linked to from that site.

It appears that the information was being stored in a debug log file with a publicly accessible URL, according to security expert Anders Nilsson of the Swedish firm EuroSecure. Nilsson noted that, judging from the contents of the log file, it had been publicly accessible since around November 2007, and had been showing new registration data ever since then.

"For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude," Nilsson wrote in a blog post on Wednesday. "Allegedly hundreds of megabytes of data has been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses and match them with passwords and this way gain access to e-mail accounts."

According to the security expert, the debug log file was found on Tuesday, probably by "someone sweeping websites for publicly accessible, but hidden folders".
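A site operator can look for this class of exposure from the inside, by auditing the web server's own document root for files that pair email addresses with secret-looking fields. The following is an added example, not code from Nilsson's post or from YP Chat; the log line format, key names and directory layout are constructed assumptions.

```python
import os
import re
import tempfile

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Key names that often carry a secret in debug output (assumed list, extend as needed).
SECRET_RE = re.compile(r"\b(pass(word|wd)?|pwd|secret|token)\b\s*[=:]\s*\S+", re.I)


def audit_docroot(docroot, max_bytes=5_000_000):
    """Return [(relative_path, hits)] for files under docroot whose lines pair
    an email address with a secret-looking field. Matched values are never returned."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):  # os.walk also descends into dot-folders
        for name in files:
            path = os.path.join(dirpath, name)
            hits = 0
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    # Read at most roughly max_bytes per file to bound the scan.
                    for line in fh.readlines(max_bytes):
                        if EMAIL_RE.search(line) and SECRET_RE.search(line):
                            hits += 1
            except OSError:
                continue  # unreadable file: skip it, do not abort the audit
            if hits:
                findings.append((os.path.relpath(path, docroot), hits))
    return sorted(findings)


def demo():
    """Build a constructed docroot with one leaking debug log and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".debug"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<a href='mailto:support@example.com'>contact</a>\n")
        with open(os.path.join(root, ".debug", "register.log"), "w") as fh:
            # Constructed sample lines, not data from the incident.
            fh.write("new user email=alice@example.com password=hunter2\n")
            fh.write("new user email=bob@example.org password=letmein\n")
            fh.write("cache warmed\n")
        return audit_docroot(root)


if __name__ == "__main__":
    for rel_path, hits in demo():
        print(f"{rel_path}: {hits} line(s) with email + secret field")
```

Any finding means the file sits where the web server could serve it by URL; the durable fix is to write logs outside the document root and to keep passwords out of log output altogether.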

Nilsson added that, once criminals are in people's accounts, they can "secure even more sensitive information to use in phishing attacks, theft, or fraud". He suggested that hackers were already going through the lists, correlating email addresses with Facebook and email accounts and trying the listed YP Chat passwords — with some success.

"Hackers… have posted some intimate pictures found in some users' sent/received email," Nilsson wrote.

Nilsson pointed out that many people still use the same passwords for most or all of the services they use online, making it easier for miscreants to make use of information such as that taken from the YP Chat site.

As an aid to demonstrating how weak passwords can be, Nilsson also posted a series of statistics showing the most commonly chosen character sequences.

David Meyer is a freelance technology journalist.